Scan Those Links Before Visiting

In an era when simply clicking on a link sent to you via e-mail or instant message can spell speedy doom for Microsoft Windows users, it's nice to have yet another resource for checking the validity and security of Web links.

I spent a couple of days playing around with a free Web-based tool from Exploit Prevention Labs that lets users copy and paste a Web link to see whether it appears to try any malware mischief. Using this service should by no means be considered an "all-clear" sign to click on a link sent to you in an unsolicited e-mail or instant message, but rather an extra layer of security to help you make a decision about whether a given Web link may be malicious or not.

Exploit Prevention Labs's service checks the submitted link against a list of known bad Internet addresses. Failing any red flags at that point, the service pretends to be a vulnerable Web browser visiting the site. I didn't subject this service to a battery of tests, but merely tried fewer than a half dozen suspicious Internet addresses I was urged to visit in various unsolicited e-mail messages. LinkScanner identified two of them as potentially malicious, including one link I received via e-mail that I was fairly certain tried to exploit a known Microsoft Windows flaw and another that was apparently related to a software piracy site that tried a number of Web browser exploits.

Again, I am not touting LinkScanner as a "scan-it-and-if-okay-go-ahead-and-click" type service. But it does add another layer of assurance for Windows users already beset by a deluge of malicious Web links. There have been browser extensions and other tools made available that attempt this same task, but the nice thing about this service is that it is Web-based, so there is no need to install any software on your machine in order to user it.

You can get similar protection via a customized HOSTS file. Using a built-in component of Windows, HOSTS automatically filters all of your traffic for known hostiles, without requiring you to test each link.

www.mvps.org/winhelp2002/hosts.htm

Unlike LinkScanner, HOSTS does require a user to remember to download updated blocklists regularly. You need administrator rights to modify or replace the HOSTS file, so think of HOSTS as a monthly chore that should be done alongside the usual batch of Microsoft updates.

If you're really security conscious, use both HOSTS and the LinkScanner site. Two layers of defense are better than one.

Ken L: A HOSTS file does NOT afford the same protection offered by LinkScanner. LinkScanner DOES use a blacklist of potential malicious sites, but that is only half of the protection. The other feature of LinkScanner is the ability to flag the site as attempting to exploit particular vulnerabilities.

I was doing a search recently for waterbed mattress and Google returned a link for myrest.com. McAfee SiteAdvisor marked it with a Red X and their info states: "When we tested this site we found links to liveperson.com, which we found to be a distributor of downloads some people consider adware, spyware or other unwanted programs." However, the LinkScanner result states: "Congratulations! LinkScanner did not find any exploits at:http://myrest.com" I guess nobody's perfect. Who are you to believe?

Links to other sites are one thing, but presence of an actual exploit on the site you're scanning or an attempt at inserting it onto your machine is quite another. If you tried to test the bad link addresses, they'd probably be blacklisted (or would be very shortly!). That's where the resident software comes in handy.

I have not tried the Exploit Prevention Labs service. But, for some time, I made use of the McAfee SiteAdvisor, and I must tell it makes mistakes quite frequently. As for the Exploit Prevention Labs service, it does not offer automatic checking and this alone makes it unusable and unpractical in our dynamic real life.

99.62% signatures and heuristics + 99% proactive protection + some other protection components! Do you still believe it would be better to perform multiple copy-paste operations in a service of unknown efficiency? By the way, if you want you can test each your file at Virustotal.com or virusscan.jotti.org. In my opinion, Kaspersky Internet Security 6.0 is much more efficient than a whole batch of services like the Exploit Prevention, and Kaspersky does its job automatically.

Compete recently launched a new Firefox toolbar that automatically detects Google and Yahoo search results and scores the trust and popularity of each result.

The offering is analagous to SiteAdvisor; however, they offer additional site insight, such as how many people have visited the site and whether or not there are any promo codes available (should it be a retail site). http://home.compete.com

LinkScanner is just useless. I ran it against a list of sites that load the unbelievably dangerous Gromozon-related exploits from external sites through obfuscated javascript, just like the vast majority of these sites do. LinkScanner never detected anything. I strongly urge you not to trust the results that LinkScanner gives out.